Lucene search
K

5 matches found

Cvelist
Cvelist
added 2024/03/21 9:44 p.m.49 views

CVE-2024-28116 Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass

Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection SSTI, which allows any authenticated user editor permissions are sufficient to execute arbitrary code on the remote server bypassing the existing securit...

8.8CVSS9.2AI score0.0576EPSS
Exploits4References2
Exploit DB
Exploit DB
added 2016/10/31 12:0 a.m.45 views

Apple OS X/iOS Kernel - IOSurface Use-After-Free

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=831 IOSurfaceRootUserClient stores a task struct pointer passed in via IOServiceOpen in the field at +0xf0 without taking a reference. By killing the corrisponding task we can free this pointer leaving the user client with a dangli...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2013/04/24 12:0 a.m.21 views

Oracle Java Runtime Environment 'Reflection API'任意代码执行漏洞

Oracle Java Runtime Environment是一款为JAVA应用程序提供可靠的运行环境的解决方案。 Oracle Java SE 7包括最近发布的1.7.021-b11存在一个安全漏洞,允许远程攻击者利用漏洞绕过Java安全沙盒,并以WEB浏览器上下文执行任意代码。 要成功利用此漏洞需要用户有一定的交互,如在显示安全警告窗口时需要用户接受执行潜在恶意Java应用的风险。 根据研究者声称,此漏洞还影响Server JRE 7。 0 Oracle Java SE 7及之前版本 厂商解决方案 目前没有详细解决方案提供: http://www.oracle.com...

6.9AI score
Exploits0
OpenVAS
OpenVAS
added 2013/02/06 12:0 a.m.28 views

Oracle Java SE Unspecified Vulnerability - Feb 13 (Windows)

This host is installed with Oracle Java SE and is prone to unspecified vulnerability. OpenVAS Vulnerability Test $Id: gboraclejavaseunspecifiedvulnfeb13win.nasl 7699 2017-11-08 12:10:34Z santu $ Oracle Java SE Unspecified Vulnerability - Feb 13 Windows Authors: Arun Kallavi Copyright: Copyright c...

4.3CVSS1.1AI score0.02701EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2013/01/31 2:55 p.m.32 views

CVE-2013-1490

Unspecified vulnerability in Oracle Java SE 7 Update 11 JRE 1.7.011-b21 allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors, aka "Issue 51," a different vulnerability than CVE-2013-0431. NOTE: as of 20130130, this vulnerability does not contain any...

4.3CVSS5.9AI score0.02701EPSS
Exploits0References6
Rows per page
Query Builder